From fed304b01c11dd8d8133f3cb098dca98ac7bbc16 Mon Sep 17 00:00:00 2001
From: "Jacques A. Vidrine"
Date: Tue, 20 Aug 2002 12:02:45 +0000
Subject: [PATCH] RFC 2743 says (regarding gss_acquire_cred), ``A caller may provide the value NULL (GSS_C_NO_NAME) for desired_name, which will be interpreted as a request for a credential handle that will invoke default behavior when passed to GSS_Init_sec_context(), if cred_usage is GSS_C_INITIATE or GSS_C_BOTH, or GSS_Accept_sec_context(), if cred_usage is GSS_C_ACCEPT or GSS_C_BOTH.''
git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@11155 ec53bebd-3082-4978-b11e-865c3cabbd6b
---
 lib/gssapi/ChangeLog | 6 ++++++
 lib/gssapi/acquire_cred.c | 8 +-------
 lib/gssapi/inquire_cred.c | 18 +++++++++++++++---
 lib/gssapi/krb5/ChangeLog | 6 ++++++
 lib/gssapi/krb5/acquire_cred.c | 8 +-------
 lib/gssapi/krb5/inquire_cred.c | 18 +++++++++++++++---
 lib/gssapi/krb5/release_cred.c | 3 ++-
 lib/gssapi/release_cred.c | 3 ++-
 8 files changed, 48 insertions(+), 22 deletions(-)
diff --git a/lib/gssapi/ChangeLog b/lib/gssapi/ChangeLog
index 967336b79..a369cf8de 100644
--- a/lib/gssapi/ChangeLog
+++ b/lib/gssapi/ChangeLog
@@ -1,3 +1,9 @@
+2002-08-20 Jacques Vidrine
+
+ * acquire_cred.c, inquire_cred.c, release_cred.c: Use default
+ credential resolution if gss_acquire_cred is called with
+ GSS_C_NO_NAME.
+
 2002-06-20 Jacques Vidrine
 * import_name.c: Compare name types by value if pointers do
diff --git a/lib/gssapi/acquire_cred.c b/lib/gssapi/acquire_cred.c
index a9cdaadaa..84814f5a7 100644
--- a/lib/gssapi/acquire_cred.c
+++ b/lib/gssapi/acquire_cred.c
@@ -164,12 +164,6 @@ static OM_uint32 acquire_acceptor_cred
 kret = 0;
 ret = GSS_S_FAILURE;
- if (handle->principal == NULL) {
- kret = krb5_sname_to_principal(gssapi_krb5_context, NULL, NULL,
- KRB5_NT_SRV_HST, &handle->principal);
- if (kret)
- goto end;
- }
 kret = get_keytab(&handle->keytab);
 if (kret)
 goto end;
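Review bot: After the removal in acquire_acceptor_cred, `handle->principal` can stay NULL for an acceptor credential acquired with GSS_C_NO_NAME, and nothing at this spot records that this is intentional. The commit adds NULL handling to gss_inquire_cred and gss_release_cred, but any other reader of the credential's principal (the accept path is not visible on this page) needs the same handling. Presumably a NULL principal also means the acceptor is no longer bound to the host service key and may use whichever keytab entry matches, which widens what the service accepts. I would add a comment before `kret = get_keytab(&handle->keytab);` such as `/* handle->principal may be NULL (GSS_C_NO_NAME): default acceptor credential, not bound to one service principal */`. The identical hunk in lib/gssapi/krb5/acquire_cred.c has the same gap; the function starts and ends outside the hunk.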
@@ -210,7 +204,7 @@ OM_uint32 gss_acquire_cred
 memset(handle, 0, sizeof (*handle));
- if (desired_name != NULL) {
+ if (desired_name != GSS_C_NO_NAME) {
 ret = gss_duplicate_name(minor_status, desired_name, &handle->principal);
 if (ret != GSS_S_COMPLETE) {
diff --git a/lib/gssapi/inquire_cred.c b/lib/gssapi/inquire_cred.c
index fd24f74d1..08ba402d4 100644
--- a/lib/gssapi/inquire_cred.c
+++ b/lib/gssapi/inquire_cred.c
@@ -51,10 +51,22 @@ OM_uint32 gss_inquire_cred
 }
 if (name != NULL) {
- ret = gss_duplicate_name(minor_status, cred_handle->principal, name);
- if (ret) {
+ if (cred_handle->principal != NULL) {
+ ret = gss_duplicate_name(minor_status, cred_handle->principal,
+ name);
+ if (ret)
 return ret;
- }
+ } else if (cred_handle->usage == GSS_C_ACCEPT) {
+ *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL,
+ NULL, KRB5_NT_SRV_HST, name);
+ if (*minor_status)
+ return GSS_S_FAILURE;
+ } else {
+ *minor_status = krb5_get_default_principal(gssapi_krb5_context,
+ name);
+ if (*minor_status)
+ return GSS_S_FAILURE;
+ }
 }
 if (lifetime != NULL) {
 *lifetime = cred_handle->lifetime;
diff --git a/lib/gssapi/krb5/ChangeLog b/lib/gssapi/krb5/ChangeLog
index 967336b79..a369cf8de 100644
--- a/lib/gssapi/krb5/ChangeLog
+++ b/lib/gssapi/krb5/ChangeLog
@@ -1,3 +1,9 @@
+2002-08-20 Jacques Vidrine
+
+ * acquire_cred.c, inquire_cred.c, release_cred.c: Use default
+ credential resolution if gss_acquire_cred is called with
+ GSS_C_NO_NAME.
+
 2002-06-20 Jacques Vidrine
 * import_name.c: Compare name types by value if pointers do
diff --git a/lib/gssapi/krb5/acquire_cred.c b/lib/gssapi/krb5/acquire_cred.c
index a9cdaadaa..84814f5a7 100644
--- a/lib/gssapi/krb5/acquire_cred.c
+++ b/lib/gssapi/krb5/acquire_cred.c
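Review bot: In the gss_inquire_cred hunk of lib/gssapi/inquire_cred.c, the name reported for a credential with a NULL principal is computed at inquiry time and is not tied to the credential itself. The GSS_C_ACCEPT branch asks `krb5_sname_to_principal` for the local host service name, and every other usage, GSS_C_BOTH included, falls through to `krb5_get_default_principal`. A caller that uses the inquired name for an authorization or audit decision may therefore see a name that differs from the principal whose key or ticket is actually used later. I would document this above the new `else if`, for example `/* no principal stored: report the default name for this usage; a best guess, not an identity bound to the credential */`, and state in a second comment that GSS_C_BOTH reports the initiator default. The same applies to the identical hunk in lib/gssapi/krb5/inquire_cred.c; the function continues outside the hunk.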
@@ -164,12 +164,6 @@ static OM_uint32 acquire_acceptor_cred
 kret = 0;
 ret = GSS_S_FAILURE;
- if (handle->principal == NULL) {
- kret = krb5_sname_to_principal(gssapi_krb5_context, NULL, NULL,
- KRB5_NT_SRV_HST, &handle->principal);
- if (kret)
- goto end;
- }
 kret = get_keytab(&handle->keytab);
 if (kret)
 goto end;
@@ -210,7 +204,7 @@ OM_uint32 gss_acquire_cred
 memset(handle, 0, sizeof (*handle));
- if (desired_name != NULL) {
+ if (desired_name != GSS_C_NO_NAME) {
 ret = gss_duplicate_name(minor_status, desired_name, &handle->principal);
 if (ret != GSS_S_COMPLETE) {
diff --git a/lib/gssapi/krb5/inquire_cred.c b/lib/gssapi/krb5/inquire_cred.c
index fd24f74d1..08ba402d4 100644
--- a/lib/gssapi/krb5/inquire_cred.c
+++ b/lib/gssapi/krb5/inquire_cred.c
@@ -51,10 +51,22 @@ OM_uint32 gss_inquire_cred
 }
 if (name != NULL) {
- ret = gss_duplicate_name(minor_status, cred_handle->principal, name);
- if (ret) {
+ if (cred_handle->principal != NULL) {
+ ret = gss_duplicate_name(minor_status, cred_handle->principal,
+ name);
+ if (ret)
 return ret;
- }
+ } else if (cred_handle->usage == GSS_C_ACCEPT) {
+ *minor_status = krb5_sname_to_principal(gssapi_krb5_context, NULL,
+ NULL, KRB5_NT_SRV_HST, name);
+ if (*minor_status)
+ return GSS_S_FAILURE;
+ } else {
+ *minor_status = krb5_get_default_principal(gssapi_krb5_context,
+ name);
+ if (*minor_status)
+ return GSS_S_FAILURE;
+ }
 }
 if (lifetime != NULL) {
 *lifetime = cred_handle->lifetime;
diff --git a/lib/gssapi/krb5/release_cred.c b/lib/gssapi/krb5/release_cred.c
index eeb0ff6a8..f6226c17e 100644
--- a/lib/gssapi/krb5/release_cred.c
+++ b/lib/gssapi/krb5/release_cred.c
@@ -46,7 +46,8 @@ OM_uint32 gss_release_cred
 gssapi_krb5_init ();
- krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
+ if ((*cred_handle)->principal != NULL)
+ krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
 if ((*cred_handle)->keytab != NULL)
 krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
 if ((*cred_handle)->ccache != NULL)
diff --git a/lib/gssapi/release_cred.c b/lib/gssapi/release_cred.c
index eeb0ff6a8..f6226c17e 100644
--- a/lib/gssapi/release_cred.c
+++ b/lib/gssapi/release_cred.c
@@ -46,7 +46,8 @@ OM_uint32 gss_release_cred
 gssapi_krb5_init ();
- krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
+ if ((*cred_handle)->principal != NULL)
+ krb5_free_principal(gssapi_krb5_context, (*cred_handle)->principal);
 if ((*cred_handle)->keytab != NULL)
 krb5_kt_close(gssapi_krb5_context, (*cred_handle)->keytab);
 if ((*cred_handle)->ccache != NULL)